NetsList.com

View previous topic View next topic Go down

NetsList.com

Post by Wolff on 18th January 2010, 4:51 am

I think my PC is hijacked, from time to time there pops up a page to a site called NetsList.com, that seems to be some kind of online store, and then after a little time the PC freezes. Sometimes the Pc freezes only a minute after it has been turned on, without the NetsList page appearing. Sometimes there starts to sound a kind of background music, like some rock song, without me having done anything for that music to appear. I run Spyware Doctor and cleaned everything but the problems persist. I used the Hijackthis and then used the automatic analyzer at [You must be registered and logged in to see this link.] where the parsiong function tells me that some lines should be fixed ( the parsing highlights them in red) but I'm not sure if this is a safe method. What do you think? Anyway, here's my log.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 5:04:02, on 18/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\SYSTEM32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\svchost.exe
C:\a-squared Free\a2service.exe
I:\WINDOWS\ALCXMNTR.EXE
I:\Archivos de programa\Java\jre6\bin\jusched.exe
I:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\WINDOWS\system32\LVCOMSX.EXE
I:\Archivos de programa\Logitech\Video\LogiTray.exe
C:\itunes\iTunesHelper.exe
I:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Spyware Doctor\BDT\BDTUpdateService.exe
I:\WINDOWS\system32\svchost.exe
I:\Archivos de programa\Java\jre6\bin\jqs.exe
I:\WINDOWS\system32\rundll32.exe
I:\WINDOWS\system32\RUNDLL32.EXE
C:\Spyware Doctor\pctsTray.exe
I:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\WINDOWS\system32\dumprep.exe
I:\Documents and Settings\1\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
I:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Archivos de programa\DNA\btdna.exe
C:\Spyware Doctor\pctsAuxs.exe
C:\Spyware Doctor\pctsSvc.exe
I:\WINDOWS\system32\dwwin.exe
I:\Archivos de programa\Spyware Terminator\sp_rsser.exe
I:\WINDOWS\system32\svchost.exe
I:\Archivos de programa\Logitech\Video\FxSvr2.exe
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\system32\dwwin.exe
I:\WINDOWS\system32\wbem\wmiprvse.exe
I:\Archivos de programa\iPod\bin\iPodService.exe
I:\WINDOWS\system32\msiexec.exe
I:\WINDOWS\System32\alg.exe
I:\Archivos de programa\Internet Explorer\iexplore.exe
I:\Archivos de programa\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - I:\Archivos de programa\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Archivos de programa\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] I:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] I:\Archivos de programa\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] I:\Archivos de programa\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] "I:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "I:\Documents and Settings\1\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "I:\Archivos de programa\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "I:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "I:\Archivos de programa\DNA\btdna.exe"
O4 - HKCU\..\Run: [Mfcobj] I:\Documents and Settings\LocalService\Datos de programa\Adobe\Update\morkrn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [You must be registered and logged in to see this link.]
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - [You must be registered and logged in to see this link.]
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - I:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - I:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - I:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - I:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - I:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - I:\WINDOWS\system32\services.exe
O23 - Service: Google Software Updater (gusvc) - Google - I:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - I:\WINDOWS\system32\imapi.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - I:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - I:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - I:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - I:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - I:\WINDOWS\System32\SCardSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - I:\Archivos de programa\Spyware Terminator\sp_rsser.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - I:\WINDOWS\system32\smlogsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - I:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - I:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 9718 bytes

Wolff
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2010-01-18
OS OS : Windows XP
Points Points : 25213
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NetsList.com

Post by Dr Jay on 18th January 2010, 5:20 am

Hi.

Bad part about HijackThis analyzers, is that they are highly inaccurate. Good work for coming to the experts, instead of fixing it yourself.

In fact, I gave a bad review for that very site you went to: [You must be registered and logged in to see this link.]

Please visit this webpage for instructions for downloading and running ComboFix:

[You must be registered and logged in to see this link.]

Post the log from ComboFix when you've accomplished that.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: NetsList.com

Post by Wolff on 18th January 2010, 8:54 pm

Hi, I dont know if it ¡s general or the malware/s have sabotaged me, the
bleepingcomputer page is not available to me. Know any other place where I can grab it?

In fact, it seems that wahtever it is has hijacked my computer, is twharting other programs, as I tried to install the Malware bytes, but it simply won't install-- I click the install button, but nothing appears.

Wolff
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2010-01-18
OS OS : Windows XP
Points Points : 25213
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NetsList.com

Post by Wolff on 18th January 2010, 9:35 pm

Wow, I used a program called Prevx, and it seems that it did the trick. I had to pay money, but so far now I can access to the the BleedingComputer page. I'll cross my fingers and hope that it's solved, otherwise I will try the Combofix.
Thanks for your help, friend.

Wolff
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2010-01-18
OS OS : Windows XP
Points Points : 25213
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NetsList.com

Post by Dr Jay on 19th January 2010, 1:45 am

Go ahead with ComboFix. But, make sure Prevx gets disabled, because it thinks our tools are bad software. Unfortunately, the Prevx developers won't believe our colleague. Annoyed or Unimpress


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum